Házi feladat

Homework

1. házi feladat

The goal of the semester project is to use the cryptographic building blocks that we learned during the lectures
in practice. We believe that a learning-by-doing approach leads to deeper understanding of the subject.
To make it fun and somewhat less of an effort, the semester project can be carried out in groups of 3 students.
This also allows students to gain experience in team work and collaborative development of software. So, please,
team up with your buddies, and send me (buttyan@crysys.hu) the names of your group members!
Each group can choose to design and implement one of the following applications:
- a multi-party chat application (must support multiple chat clients communicating with each other via a chat server or in a peer-to-peer manner, if a server is used, then it should not be trusted for learning the content of chat messages, the application must ensure confidentiality and integrity of chat messages, message origin authentication, and replay protection)
- a simple file transfer application (must be a client-server application supporting file upload to and download from the server, and it must ensure confidentiality and integrity of control messages and transferred files, origin authentication and replay protection for messages, and mutual authentication between the client and the server at the beginning of each session)
- a password manager application (can be a local application or server based, must support generation of random passwords and storage of passwords together with related account information, must ensure confidentiality and integrity for stored passwords, can use a master password for accessing password entries)
- an anomnymous e-mail sending application (a re-mailer proxy that accepts encrypted e-mails, decrypts them, and re-sends them in clear to the indicated destination, must support reply messages, must ensure sender anonymity with respect to the receiver of the mail and unlinkability of senders and receivers with respect to someone observing the operation of the proxy).
The project has two phases: (1) in the first phase, teams have to come up with a design and submit a sufficiently detailed
description (that looks like an engineering document) of their envisioned system architecture and cryptographic protocols, and (2)
in the second phase, after receiving some feedback on the design, teams have to implement their designs using a real crypto library.
The design document must contain at least the following sections:
- functional requirements of the application
- attacker model (assumptions about the goals and capabilities of an attacker)
- security requirements of the application
- system architecture (modules and their relationships)
- cryptographic protocols
- key exchange and key management
- brief security analysis (how the design satisfies the security requirements).
Design documents should contain sufficient details for someone to implement the design. A single design document per team must be submitted in pdf format here (choose 'VIHIMA05 - Design') by the deadline given below.

Deadlines

Határidő

2018. 03. 29. (midnight)

Results

Eredmények

2. házi feladat

In the second (implementation) phase, teams will implement their design (after feedback and potential
corrections). The preferred language for implementation is Python 3 with the PyCryptodome library, but
teams could also use other languages and crypto libraries. Teams should complete their implementation and
submit their work in a zip file here (choose 'VIHIMA05 - Implementation')
by the deadline below. The submissions should contain at least the following:
- source code
- some documentation of the code
- a 3-4 min video showing the working application and its basic usage.